The digital afterlife is a mess.

Why It’s So Difficult to Deal With a Dead Loved One’s Online Accounts

Why It’s So Difficult to Deal With a Dead Loved One’s Online Accounts

The citizen’s guide to the future.
Nov. 29 2017 11:46 AM
FROM SLATE, NEW AMERICA, AND ASU

The Digital Afterlife Is a Mess

A tangle of laws and tech company policies make it difficult to deal with a dead loved one’s online life.

523256744
A complex web of federal and state laws makes accessing a deceased loved one’s digital files difficult.

ViktorCap/Thinkstock

This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. On Dec. 6, Future Tense will hold a happy hour event in Washington about planning your digital afterlife. For more information and to RSVP, visit the New America website.

Imagine that your beloved brother had just been killed in a car accident, leaving behind not just a grieving (and angry) family, but also dozens of internet accounts, ranging from his Facebook page to his Gmail accounts to his business records. You’ve gone to court, and you’ve received legal authority to clean up your brother’s estate. What rights does that give you to manage his online accounts?

Advertisement

There is, alas, no one right answer. What you can do depends on what actions your brother took before his death, what the online accounts themselves permit, and the laws of the state where your brother lived.

In the past, after a person became incapacitated or died, the legally recognized fiduciary (someone given the power to act on behalf of another) would go to the home of the person who had died and look for paper records of bank accounts, stock holdings, bills to be paid, and business transactions. During that process, they would find old love letters, dirty laundry, and anything else left behind. Laws are clear that this fiduciary has management rights and must act in the best interests of the person who has died.

Today’s world is different. Many of us have chosen to go paperless, so all of our financial statements are delivered electronically; we even file digital tax returns. Our love letters may no longer be written in ink on paper, our reading and listening and viewing interests no longer documented by hardcover books and magazines, record albums, and VCR tapes, and our photos no longer stored in boxes under out beds. In 2013, McAfee released a survey that suggested that on average, we value our digital assets—what we have created, communicated, sent, received, or stored through electronic means—at about $35,000. These assets range from a potentially lucrative domain name to all of those photos we store in the cloud. (In the McAfee survey, the average respondent said that digital “personal memories” were worth about $17,000.)

Collecting all of those records today often begins with accessing the person’s computer, rather than physical file cabinets. You might think then, that your first step should involve accessing your brother’s computer.

Advertisement

But federal and state laws protect against unauthorized access to computers and internet accounts, and internet service providers may prohibit sharing access to data with anyone else through their terms of service agreements, or TOSAs. To protect our privacy on the web, Congress enacted the Stored Communications Act in 1986 (when Mark Zuckerberg was 2 years old) as part of the Electronic Communications Privacy Act. The law prohibits certain providers of public communications services from disclosing the “contents” of our electronic communications without legal authorization, such as a search warrant—or your brother’s permission. (“Contents” includes what is contained in our email messages, although it doesn’t include the user’s name or address, or the date and time the message was sent.) So, even if you have access to your brother’s username and password, it may be a crime to use them. And then there are those TOSAs, the conditions you click through (and most people don’t read) in order to sign up for an internet account. And the TOSAs for many sites warn you against revealing your password. According to Facebook’s Statement of Rights and Responsibilities, you agree that “You will not share your password.” OK, you probably won’t be prosecuted if you use your dead brother’s password to get into his Facebook account—but it is definitely not a risk worth taking.

Some sites have added options to let us plan for management of our accounts when we are no longer able to do so, and maybe your brother took advantage of these services. Facebook now allows you to designate a “Legacy Contact.” Here’s the official explanation:

Once someone lets us know that a person has passed away, we will memorialize the account and the legacy contact will be able to:
- Write a post to display at the top of the memorialized Timeline (for example, to announce a memorial service or share a special message)
- Respond to new friend requests from family members and friends who were not yet connected on Facebook
- Update the profile picture and cover photo.
Advertisement

Similarly, Google offers an Inactive Account Manager. Google users can provide information about a trusted contact who will have access to various Google accounts once the primary user has been inactive for a set period of time. The Google user can specify the period of inactivity before notification is sent and can also indicate to which accounts the trusted contact will have access. Or, if you’d rather not share those accounts, then you can ask Google to delete your account after you go a set amount of time without logging in.

But what if your brother hasn’t designated a Legacy Contact or an Inactive Account Manager?  And what about all of those other internet accounts?

Enter the Uniform Fiduciary Access to Digital Assets Act, Revised, which was first proposed in 2015. It is now in effect in more than two-thirds of the states, and it attempts to solve problems with access. RUFADAA allows a fiduciary to manage much of a decedent’s digital property, giving access to many things other than the content of electronic communications (unless this access has been limited by the user or by a court order) and even permitting access to content in certain limited situations.

RUFADAA sets out a four-tiered system of priorities:

Advertisement
  1. If the internet company provides its own digital tool that is distinct from the general terms of service and through which the account holder has named another person to have access to the user’s digital assets or to direct that the company delete the user’s digital assets (think of Facebook’s Legacy Contact option), then these online instructions control the fiduciary’s access.
  2. If the internet company didn’t provide this option, or if the account holder didn’t use the tool, then the person can use a will, trust, or another writing to set out what should happen to the digital assets.
  3. If the user has not provided any direction, either online or through estate planning, then the TOSA for the account controls just what the fiduciary can access.
  4. However, many of these agreements don’t say what happens when the user dies. If there’s nothing else, then RUFADAA can allow the fiduciary access to digital material other than the content of certain electronic communications. So you would be able to go into your brother’s account to find email addresses, for instance, or to look for the date and time that he sent an important email before he died. But you couldn’t look at what the email itself said (or even the subject line, technically).

The website Everplans offers some helpful advice on how to manage email accounts. But hopefully learning about these problems will make you want to take control of this issue before you are too ill (or too dead) to use your computer. Here are a few concrete steps for you to consider.

First, take stock of your own online universe. Make sure you have an inventory of your digital assets, including all accounts and passwords. And be careful about revealing that information to anyone else not just because you are concerned about your privacy and hacking, but also because it might be illegal for someone else to use your password, even with your consent, if the site’s terms of service prevent password sharing. Luckily, online services can help you keep track.

Second, take advantage of the online management tools currently available and sign up for them.  If you haven’t yet activated Google’s Inactive Account Manager or set up your Facebook Legacy Contact, it’s time to do so.

Third, consider drafting some estate planning documents to cover your digital assets. Think about whom you would want to serve as a fiduciary who would get access to your online accounts, and think about how much access you want to give that person. There are samples online, including those from the Digital Beyond and Everplans.

It may be a little tedious and a little macabre—no one likes to think about death. And, of course, this is not legal advice. But you’ll be doing your family and friends an enormous favor if you do a little digital estate planning now.

One more thing

You depend on Slate for sharp, distinctive coverage of the latest developments in politics and culture. Now we need to ask for your support.

Our work is more urgent than ever and is reaching more readers—but online advertising revenues don’t fully cover our costs, and we don’t have print subscribers to help keep us afloat. So we need your help.

If you think Slate’s work matters, become a Slate Plus member. You’ll get exclusive members-only content and a suite of great benefits—and you’ll help secure Slate’s future.

Join Slate Plus